artificial intelligence
It’s Not Magic, It’s Mechanics: Demystifying the OWASP Top 10 for AI
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Sabrina Kayaci, Cybersecurity Engineer for Immersive One, and Rebecca Schimmoeller, Lead Product Marketing Manager. Today, we’re continuing the discussion on our Secure AI capability.

“When developers hear ‘AI Security,’ they either start to sweat or eye-roll. It either feels like a black box where the old rules don’t apply, or it feels like inflated marketing hype. The truth is, AI vulnerabilities aren't magic; they are mostly just new manifestations of the classic flaws we’ve been fighting for decades. Once you map the new threats to the old patterns, the mystique fades. You realize it’s not magic to fear or hype to ignore—it’s just an engineering problem to solve.”

Rebecca: Awesome frame, Sabrina. No matter where you sit on the spectrum—whether you’re anxious about the risks or skeptical of the buzz—AI security doesn't mean starting from zero. Developers should already have the muscle memory for this.

Sabrina: Exactly. We aren't asking them to learn a new language; we're asking them to apply their existing fluency to a new dialect. That’s the core philosophy behind our new OWASP Top 10 for LLMs and GenAI collection. We tackle the problem that AI is often treated as a "new and daunting" field. By framing threats like Supply Chain Vulnerabilities or Excessive Agency as variations of known issues, we accelerate the learning curve. We strip away the "AI mysticism" to reveal the underlying mechanical flaw.

Rebecca: I love "stripping away the mysticism." Let’s talk about how that works, starting with the big one everyone is concerned about—Prompt Injection. How do you take that from "scary AI jailbreak" to something a grounded engineer can fix?

Sabrina: In the media, Prompt Injection is portrayed as this sentient ghost in the machine. In our lab, we treat it as an Input Validation failure. We show that the system is simply confusing "user input" with "system instructions." When a developer sees it through that lens, the eye-roll stops. It’s no longer hype; it’s just mixed context. And they know how to fix mixed context. We show them how to apply that architectural fix to an LLM.

Rebecca: That maps perfectly. But looking at the curriculum, I see we go much deeper than just a standard "Top 10" checklist. Why was it important to go beyond the simple definitions?

Sabrina: Because a definition tells you what something is, but it doesn't tell you how it impacts you. In the new OWASP LLM collection, we focus on Core Mechanics and Attack Vectors. We deconstruct threats like Data and Model Poisoning or Supply Chain vulnerabilities to show you exactly how they infiltrate a system. It’s the difference between knowing what an engine looks like and knowing how to take it apart. You need to understand the mechanics of the vulnerability to understand the potential impact—otherwise, you're just guessing at the fix.

Rebecca: It sounds like we're upgrading their threat modeling software, not just their syntax.

Sabrina: Yes, 100%. Look at Excessive Agency. That sounds like a sci-fi plot about a robot takeover. But when you do the lab, you realize it’s just "Broken Access Control" on steroids. It’s about what happens when you give an automated component too much permission to act on your behalf. Once a developer maps "Excessive Agency" to "Least Privilege," they stop worrying about the robot and start locking down the permissions.

Rebecca: Is the goal to get them through all ten modules to earn a Badge?

Sabrina: The OWASP Top 10 for LLMs Badge is the end state. It proves you have moved past the "sweat or eye-roll" reactive phase. To your manager, it signals you have a proactive, structured understanding of the AI risk landscape and can speak the language of secure AI. There’s no hype in that. Only value-add to you and your team.

Final Thought

Our OWASP Top 10 for LLMs collection is the antidote to AI security angst. For the developer, it demystifies the threat landscape, proving that their existing security instincts are the key to solving new problems. For the organization, it ensures that your AI strategy is built on a bedrock of engineering reality, rather than a shaky foundation of fear. [Access Collection]

Architecting at Speed: Mastering Secure Development with OpenAI Codex
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Ben McCarthy, Lead Cybersecurity Engineer for Immersive One, and Rebecca Schimmoeller, Lead Product Marketing Manager. Today, we’re continuing the discussion on our Secure AI capability.

“There is a misconception that security is the enemy of development speed. But with AI, the opposite is true. If you don't have security engineered into your AI workflow, you can't actually go fast—because you’re constantly stopping to fix 'trash code' or patch vulnerabilities. The developers who win in this era aren't just the ones coding faster; they are the ones architecting systems that are secure by design, even at AI speeds.”

Rebecca: That’s a crucial distinction, Ben. We often hear that AI is a "firehose" of productivity, but without control, that firehose just creates a mess. It seems like the role of the developer is shifting from "writing lines" to managing this high-velocity output. How does the new Building with AI: Codex CLI collection help them make that shift?

Ben: By giving them the controls they need to harness that speed safely. If you let OpenAI’s Codex run without guardrails or understanding, you get velocity, sure—but you also get risk. We designed this collection to empower developers to become their own Security Architects for their workflows. We are leveraging the Azure AI Foundry capability to give learners real, secure access to these models. The goal isn't to teach you how to hit "Tab" to autocomplete; it's to teach you how to rigorously evaluate, guide, and constrain what the AI produces using a command line tool like Codex so you can ship code that is both fast and bulletproof.

Rebecca: So it’s about elevating the human’s role to "Architect." Let’s talk specifics given what the collection covers—how did you instill that mindset?

Ben: We start by ensuring developers know the power of what you can do with Codex and how to get the best out of your models in this CLI tool. We go over effective prompt engineering, tool usage, and how AI can help with "Greenfield" projects (net-new builds) and "Brownfield" projects (legacy codebases). This is a critical skill for a lead engineer. AI is great at generating new code (greenfield), but it can be dangerous when it doesn't understand the hidden dependencies of a ten-year-old application (brownfield). We teach engineers how to spot those context gaps, key stuff that the AI might miss.

Rebecca: I saw "specification-driven development" was a big part of your roadmap, too. How does that fit into the "speed" theme?

Ben: This is the ultimate accelerator. Instead of writing the code line-by-line, you write the "spec"—the blueprint—and let Codex handle the implementation details. It’s not about doing less work; it’s about doing higher-leverage work. You define the logic and security constraints, and the AI handles the boilerplate. It shifts the developer’s brain from "how do I type this function?" to "what should this system actually do?"

Rebecca: That sounds like a powerful approach, Ben. But what about the security risks? If developers are offloading implementation to Codex, how do they avoid leaking data or introducing bugs?

Ben: That’s non-negotiable. In the Guardrails lab, we show learners how to build a safety net. We teach practical methods for stripping PII (Personally Identifiable Information) and using hooks to sanitize inputs before they reach the model. It gives developers the confidence to use these tools freely, knowing they have already engineered the safety mechanisms to protect their org.

Rebecca: I saw a lab in the collection called "Tools and MCP" (Model Context Protocol). Is that where you get into advanced workflows?

Ben: Exactly. This is where we give developers the keys to become a force multiplier. We show users how to connect Codex to other tools. This is the ideal definition of ROI for developers. You’re automating the tedious "check your work" phase, allowing you to ship secure code faster without burning out on manual review.

Rebecca: It feels like that approach accepts today’s AI era realities for what they are and finds the strategic advantages… pushing developers towards productivity and security gains with real mastery. And just like the Claude collection, users have access to a Demonstrate Lab, to prove that mastery, am I right?

Ben: Absolutely. The Demonstrate Lab challenges users to build a solution that’s efficient, functional, and secure. It proves that you aren't just an "AI user"—you are an AI Engineer who understands the capabilities the collection covers.

Final Thought

Our Building with AI: Codex collection is about upgrading the developer’s toolkit. For the organization, it ensures AI adoption is secure and scalable. For the engineer, it removes the drudgery of boilerplate, freeing you to focus on the creative, architectural challenges that drive real value. Ready to upgrade your workflow? [Access Collection]

Beyond the Chat Window: How to Securely Vibe Code with Anthropic’s Claude
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Robert Klentzeris, Application Security Content Engineer for Immersive One, and Rebecca Schimmoeller, Lead Product Marketing Manager. Today, we’re deep diving into one facet of our Secure AI capability.

“We are seeing a shift from ‘chatting with AI’ to ‘inviting AI into the terminal.’ With the release of tools like Claude Code, developers aren't just copying and pasting snippets from a browser anymore. They are letting an agent live directly in their CLI, giving it permission to read file specs, run commands, and architect entire features. It’s a massive leap in capability—but also in trust.”

Rebecca: That is the big shift we’re hearing about, Rob. The market is obsessed with the idea of "vibe coding" right now—just describing what you want and letting the AI handle the implementation details. But for a security leader, the idea of an AI agent having direct access to the CLI (Command Line Interface) sounds terrifying. It feels less like a helper and more like handing a stranger your SSH keys.

Rob: That is exactly what makes Claude Code different from your standard autocomplete tools. You aren't just getting code suggestions; you are interacting with an agent that has tooling capabilities—like using MCP (Model Context Protocol) or running slash commands. If you don't know what you're doing, you might accidentally let the agent produce insecure code or mishandle PII in a way that’s harder to spot than a simple copy-paste error. This new collection is about bridging that gap: how do we embrace the speed of vibe coding without sacrificing the security of our platform?

Rebecca: So it’s about safe integration. Let’s get into the weeds—what does the "safe" version of this look like in the actual Immersive One labs you created?

Rob: We start by defining common patterns used in AI coding agents such as manual prompts and how you can write them so Claude generates secure code. We then go a little deeper and explore how you can let your agents start coding securely with more autonomy and less intervention while staying secure with spec-driven development. From there, we move to the components of Claude Code and show how to leverage these advanced features, such as custom slash commands and skills that can enhance the security of both large legacy and greenfield projects.

Rebecca: I noticed your roadmap included a focus on "Guardrails" and "Claude Agents." Is this where we stop "trash code" from hitting production?

Rob: Exactly. This is unique to the agentic workflow. In the Claude Agents lab, we teach users how to set up a "Reviewer Agent" that audits the code generated by the first agent. We also have a dedicated lab on Guardrails, focusing on stripping PII (Personally Identifiable Information) before Claude ever sees the data. It’s about ensuring that even if the AI is "vibing," the security protocols remain rigid.

Rebecca: That sounds incredible for the security team, but what about the developer? If I’m used to just doing my thing, head down to deliver on time, won’t specification-driven development cramp my style?

Rob: Fun fact: It actually makes you faster. Think of the 'spec' as the prompt that saves you ten revisions. At Immersive, we focus heavily on ROI and removing pain for users. In this case, we show developers how to use slash commands and hooks to automate the boring stuff. When you learn to use these tools properly, you stop wrestling with the AI and start conducting it. And because these labs are hands-on with real Claude Code access in a secure sandbox, you can experiment with these powerful agents without worrying about breaking your own local environment. Your manager will love that too.

Rebecca: Ha! You’re right. It sounds like we’re giving users a safe place to crash-test the car before they drive it. And I see you wrap it all up with a "Demonstrate" lab?

Rob: We do. We want to prove competence. The Demonstrate Lab is a capstone where you have to combine everything—usage, security, and productivity. You have to prove you know how to use Claude Code to build something functional and secure. It validates that you aren't just generating code; you're engineering with it.

Final Thought

Our Building with AI: Claude Code collection isn't just another coding tutorial. It is a blueprint for the agentic future of development. For you the developer, it turns Claude from a vibe code buddy into a fully integrated, secure pair programmer. For your organization, it transforms a potential security risk into a governed, high-speed workflow. Want to get started? [Access Collection]

From Design to Deployment - Securing AI Architectures
With AI agents and LLMs moving into production, a new attack surface has emerged that demands more than just prompt filtering. True AI security requires a deep understanding of the entire ecosystem, including foundational models, the supply chain for third-party components, vector databases, and the agentic frameworks that grant them functionality. Hear from Immersive Principal Security Engineer Ashley Kingscote and Principal Application Security SME Chris Wood for a technical breakdown of modern AI architecture and a practical, engineering-first guide to mitigating these complex threats.

You'll hear about:

Deconstructing the AI System: Move beyond high-level concepts and see a practical breakdown of AI application architecture, including the roles of Large Language Models (LLMs), Retrieval Augmented Generation (RAG), and Model Context Protocol (MCP).
The OWASP Top 10 for LLMs: Dive deep into the OWASP Top 10 for LLMs, exploring critical risks like Prompt Injection, Data Poisoning, Excessive Agency, and Supply Chain Vulnerabilities with developer-focused analogies and examples.
The Lethal Trifecta: Understand the dangerous intersection of AI systems having access to private data, the ability to communicate externally, and exposure to untrusted content—and why securing this trifecta is paramount.
A Lifecycle Approach to Defense: Learn how to embed security throughout the entire AI development lifecycle, from secure design and threat modeling to robust deployment and operational monitoring in cloud environments.

Boosting Cyber Readiness Together: Introducing The New AI In-Lab Assistant
We’re passionate about creating an empowering, collaborative learning environment. That’s why we’re excited to introduce the AI In-Lab Assistant – an intelligent chatbot right inside your lab environment. We want you to solve challenges independently. The new AI assistant is designed to provide hints and tips on a lab, offering guidance without giving away the answer. The aim is to enhance your learning experience, ensuring you're always ready for what’s next.

🔎 Finding your on-demand learning companion

Getting started is simple. Open a lab, and you’ll see a sparkle icon in the top right corner of your screen. Clicking this sparkle icon opens the chatbot interface. If the window obstructs your view, you can reposition the chatbot by dragging its top bar. If you need to hide it, click the cross in the top right of the pop-up window or the sparkle icon again.

🔬 How can the assistant help me?

We specifically designed this chatbot to help with lab-related queries and tasks inside the lab environment. You can ask it to summarize the lab briefing, help you understand key concepts (such as "what is a SIEM?"), or assist with specific questions (for instance, "I need help with Task 3!"). The chatbot will give you hints and tips without giving you the exact answer. For example, if you're tackling enumeration, it might suggest commands like nmap, netstat, or cat. If you're working on privilege escalation, it may encourage you to think about commands like sudo, su, or to look for SUID binaries. Our technology takes snapshots of practical and cloud labs, capturing the context it needs to understand activity on the virtual machine or the command line interface.

✅ Key boundaries and quick tips

We want you to get the most out of the new AI In-Lab Assistant. It keeps to the following main points:

It won’t give away the answer: We intentionally designed the chatbot to encourage independent completion, not to directly give you the answer. If you ask outright for the answer to a question, it’ll provide hints for you to figure it out yourself.
It only applies to lab content: While you can input any query, the chatbot can only answer questions related to the lab you’re currently in. If you ask a non-lab-related question, such as "how’s the weather today in Bristol?", it’ll tell you it doesn’t have access to real-time data. Instead, it’ll encourage you to ask a question about the lab.
History isn’t retained: To start a new chat, click the plus icon next to the New chat button in the top left of the chatbot window. This will clear the current history. Note that you’ll lose your conversation history when you exit a lab or start a new one. The chatbot can only retain seven questions before forgetting them.
Exclusions: The AI In-Lab Assistant is available in most labs, but isn’t available in custom labs, adaptive assessments, or any demonstrate labs.

🔐 Data security and feedback you can trust

We want to be upfront about our technology and security because we value authenticity. Our AI service was built using OpenAI. We prioritize your data security, so we only store your account UUID in the AI service database. We don’t store any other personally identifiable information (PII) except what you explicitly input as queries, which OpenAI will also receive. Crucially, we don’t ingest any custom content labs into our AI service, and the service doesn’t have access to any customer data.

We rely on your input to keep improving! You can provide feedback on every response using the thumbs-up or thumbs-down icons found directly underneath the chatbot’s reply. We monitor this feedback to improve the AI In-Lab Assistant over time.

💁🏻‍♀️ And don’t forget…

If you’d prefer to speak to real humans for hints and tips on your favorite labs, head to the Community and navigate to the Help Forum. If you aren’t satisfied with the AI In-Lab Assistant’s responses or have technical issues with the feature, reach out to Customer Support via the Help Center.

How to Build a People-Centric Defense for AI-Driven Attacks
Webinar recorded on 15th October 2025

The headlines are screaming about AI. But beyond the hype of rogue models and autonomous attacks, a more immediate threat is taking shape. AI isn't replacing the human attacker; it's amplifying them, making existing threats more targeted, scalable, and relentless than ever before. At Immersive, our frontline research team, Container 7, sees this evolution firsthand, and their mission is to uncover the real-world techniques threat actors are using today. From Scattered Spider’s sophisticated social engineering to convincing deepfakes, staying one step ahead has never been more critical. Join our experts as they share candid insights and unique discoveries, like an AI LLM bypass, to provide a practical understanding of how to prepare your people and organization for what’s next.

You'll hear about:

The Amplification Effect: Explore how AI is supercharging traditional attack techniques, from hyper-realistic social engineering to more strategic, data-driven secondary attacks.
Threat Actor Spotlight: Dive into real-world examples from threat groups like Scattered Spider, how their tactics are evolving, and how to prepare your teams to defend against them.
The Complacency Crisis: Discuss the emerging risk of complacency among technical teams as they rely more on AI, and why human vigilance is more critical than ever.
A New Approach to Readiness: Learn why combining deep AI knowledge with human expertise is the only way to stay ahead. You’ll come away with expert tips on how to build a proactive defense.

New Labs - Malterminal: Malware Analysis
With artificial intelligence (AI) and large language models (LLMs) fast becoming a more popular and talked-about set of technologies in every industry, it's no surprise that LLM-enabled malware now exists that can dynamically generate code, query data, and offload malicious functionality to LLMs, lowering the barrier to entry for threat actors deploying malware. This lab introduces one of the first known malware samples to use LLMs to perform malicious functionality.

Why should our customers care?

Most, if not all, companies are looking into using AI to varying degrees, whether to make their workforce more efficient and productive or to build full models that facilitate technical processes. With this in mind, and with the advent of basic malware that can use API keys to query LLMs and AI services, we will likely see this particular malware set evolve over time. By doing this lab, you'll begin to see how these pieces of malware are just the stub and querier for AI and how they can be used maliciously. This will showcase what this threat is like in its current state. We shall be monitoring how this threat evolves, so stay tuned for more labs.

Who is the defensive lab for?

SOC Analysts
Incident Responders
Threat Hunters

Here is a link to the lab: https://immersivelabs.online/v2/labs/malterminal-analysis

Unlock the World of AI: Introducing Our New AI Foundations Collection!
That's why we’re thrilled to announce the launch of our new AI Foundations collection, a comprehensive set of labs designed to empower you to navigate the fast-paced world of AI confidently. This seven-part lab collection is your guided tour through the core components of modern AI implementation. We've crafted this collection for everyone, breaking down complex concepts into digestible, easy-to-understand labs. Whether you're a seasoned tech professional or just starting your AI journey, this collection will provide you with a practical, hands-on understanding of how AI systems are built and how they work together to deliver powerful capabilities.

NOTE: These labs are only available for customers who haven’t opted out of AI-related content.

Why a new AI collection?

Our customers have asked for more in-depth AI content – a demand that mirrors the explosive growth of the AI market. This new collection is our commitment to staying at the forefront of the industry and proactively addressing the needs of our community.

What you'll learn

The AI Foundations collection is a journey through the essential concepts of artificial intelligence. Each lab builds on the last, culminating in a holistic understanding of modern AI systems, with a special focus on agentic AI. Here's a glimpse into what you'll discover:

Episode 1: Artificial Intelligence (Theory): Dive into the fundamentals of AI, exploring what it is, how it works, and the distinctions between generative AI and AGI. It also discusses AI’s limitations and demystifies the "illusion of thinking".
Episode 2: Core Components (Theory): Get acquainted with the building blocks of AI, including LLMs, embedding and diffusion models, RAG, MCP, and the exciting world of agentic AI. It also touches on crucial security considerations as AI transitions from "knowing" to "doing".
Episode 3: Large Language Models (Theory): Explore the power of foundational models, the importance of fine-tuning, the role of system prompts, and security considerations such as exploitable vulnerabilities and data privacy.
Episode 4: Retrieval Augmented Generation (RAG) (Practical): Take a deep dive into RAG, vector databases, embedding, and chunking. In this hands-on lab, you'll create a knowledge base, chunk a file, and query a fictional company's proprietary data through an integrated AI chatbot.
Episode 5: Model Context Protocol (MCP) (Practical): Understand the MCP protocol and its architecture within the broader AI landscape. You'll get hands-on experience using MCP Inspector to interact with an MCP server, and instruct an AI chatbot to organize files on your desktop, gaining insight into exactly how tools are chosen and invoked.
Episode 6: Agentic AI (Practical): Immerse yourself in the world of AI agents. You'll get access to real AI agents within a safe sandbox environment. The curious can poke and edit the code and explore the integrated Langfuse instance for a deeper look into the observability of the AI system.
Episode 7: Demonstrate Your Knowledge (Theory): Put your newfound knowledge to the test and solidify your understanding of the concepts covered throughout the collection.

Secure and private by design

We've built our practical AI labs with your security and privacy as the top priority. When you launch a lab, you're entering a completely isolated, sandboxed environment. These sandboxes are self-contained and have no connection to any customer data or personal information. Think of it as your own private, temporary workspace that’s thoroughly purged after each use.

To interact with the AI models, each lab session creates temporary user credentials. Not only are these credentials temporary, but they’re also locked to the lab environment itself. This means that even if the credentials were to be exposed, they would be useless outside of the specific lab they were created for, providing a robust layer of security. Access to the internet is also strictly controlled, allowing connections only to the minimum endpoints required for the lab to function.

We utilize privacy-centric AI models designed to protect your data. The models we use don’t store or log your prompts and completions. Furthermore, your interactions are never used to train any models, ensuring that your data remains your own. We’ve also opted out of any content being used for service improvements across all the AI services we use.

In some of our more advanced labs, we've implemented an additional layer of security with guardrails that preprocess user inputs and model outputs to filter for harmful or inappropriate content. These guardrails are mandatory and can’t be bypassed by users within the lab environment. These multiple layers of security work together to provide a safe and secure environment for you to learn and experiment with AI.

Who is this collection for?

Everyone! We've designed these labs to be a guided walkthrough, making even the more technical details accessible to anyone working with or interested in AI. Whether you're a developer, a business leader, a student, or simply a curious mind, our AI Foundations course will equip you with the knowledge and skills to thrive in the age of artificial intelligence. Join us on this exciting journey and unlock the power of AI. Get ready to build, innovate, and lead in the new era of intelligence.

New Labs: BlackHat 2025 and DefCon 33
Throughout early August 2025, representatives from Immersive's cyber team attended the BlackHat 2025 and DefCon 33 conferences and got great exposure to the latest technologies, topics, and techniques presented by the sharpest minds in our industry. As a result of attending these talks, workshops, and villages, Immersive has created brand new labs going through the various talks that took place, allowing you to get hands-on with the latest technologies and exploits. We present a number of brand new labs covering some of the most interesting and insightful topics from the events, from operational technology (OT) to achieving privilege escalation through firewall software. AI was a hot topic, as you would imagine, especially around Prompt Injection attacks. We already have plenty of content on Prompt Injection, not to mention the new AI Foundations content, so for this series, we created an AppSec-style lab around preventing Prompt Injection attacks.

Why should our customers care?

BlackHat and DefCon are two conferences that attract the greatest minds in cyber to get together and share their knowledge through workshops, official talks, and villages. Given the high diversity of events and talks that took place, there is something for everyone! Many of the topic areas shared are things that attackers could easily exploit themselves, so taking advantage of the information in these labs equips our customers with the knowledge of the latest vulnerabilities, threats, and exploitation techniques currently being talked about in the industry - improving your resilience and preparation against the latest threats.

Who are the labs for?

Offensive Security Engineers and Penetration Testers
SOC Analysts and Incident Responders
Malware Reverse Engineers
Operational Technology Engineers
Cyber Security Engineers

Here is a list of the labs in this release:

Binary Facades: Extracting Embedded Scripts
CVE-2024-5921 Redux - Bypassing mitigations to PrivEsc with Palo Alto Global Protect
Chrome Alone: Transforming a Browser into a C2 Platform
No VPN Needed?: Cryptographic Attacks Against the OPC UA Protocol
Python: AI Prompt Injection

If you'd like to do any of these labs, here is a link to the BlackHat/DefCon collection: https://immersivelabs.online/series/defcon-black-hat/

Artificial Intelligence: Navigating the Evolving Landscape
The changing world To understand where we're going, you first need to grasp the sheer scale of what's happening now. The May 2025 report on Artificial Intelligence Trends by Mary Meeker and Bond Capital paints a vivid picture of a sector in overdrive: Unprecedented user adoption: Generative AI tools have achieved mass adoption faster than any previous technology, including the internet and smartphones. Soaring infrastructure investment: Top tech giants (Apple, NVIDIA, Microsoft, Alphabet, Amazon, Meta) spent a combined $212 billion on capital expenditures in 2024, a huge portion of which was dedicated to AI infrastructure like data centres and custom silicon. Shifting cost dynamics: The cost to train a state-of-the-art foundation model remains astronomically high, somewhere in the hundreds of millions of dollars. However, the cost to use these models (the inference cost) is plummeting, making AI more accessible than ever before. Intense competition and rapid imitation: AI is boosting productivity and driving competition between products. Global AI "space race": Nations are treating AI supremacy as a strategic imperative, leading to significant government investment and policy-making, particularly in areas like the semiconductor supply chain, with the US, Europe, and China all building new fabrication plants. With this level of investment and adoption, can you confidently say this is a bubble about to burst? Sir Demis Hassabis, CEO of Google DeepMind, puts this huge change on the same magnitude as the industrial revolution and the launch of the internet. Data from Gartner supports this, suggesting that by the end of 2025, 39% of organizations worldwide will have moved into the experimentation phase of AI adoption. The shift is well and truly on. What does AI look like in 2025? AI is underpinned by machine learning models, which are trained, not programmed. Engineers feed them vast amounts of data, and they learn patterns, concepts, and relationships. 
Different types of models are used for different purposes, such as those specialising in human language interactions (large language models, LLMs) and artwork generation (diffusion models).

When using AI systems, such as chatbots, you're not interacting with the model directly but rather with additional software that uses the model as its "brain". This is where guardrails live: that surrounding software can check user inputs before they reach the model and check model outputs before they reach the user, filtering out harmful or inappropriate content.

Modern AI systems are rarely just a wrapper around a model. They integrate with other tools and services to enhance their capabilities, such as searching the web for real-time information or accessing private company documents to provide context-specific answers.

The year of agentic AI

An AI agent is a system that can autonomously pursue a goal. Instead of responding to a single prompt, it can reason, plan, and execute a series of steps to accomplish a complex task. It can also decide which tools to use and in what order. An AI agent may still present as a chatbot, or it may run constantly in the background.

Big tech companies are adamant that agentic AI is the next evolution, with Google, Amazon, and Microsoft all predicting it will drive the next wave of innovation over the next two years.

A key catalyst for this explosion was the release of the open-source Model Context Protocol (MCP) by Anthropic in late 2024. MCP provides a standardized way for AI models to discover and use tools. As the official documentation puts it:

"Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals... MCP provides a standardized way to connect AI models to different data sources and tools."

Source: Model Context Protocol - Getting Started

MCP has been a game-changer, dramatically simplifying the process of giving AI systems new capabilities and accelerating the move from AI systems that know things to AI systems that do things.
It's no coincidence that technology companies started to release their guides for building AI agents following MCP's release, with Microsoft, Google, Cloudflare, OpenAI, and Amazon following close behind.

Technology to watch

Finally, a few key technologies that will define the next phase of AI:

Model Context Protocol (MCP)

Continue to watch this standard. As more tools and platforms adopt MCP, the ecosystem of "plug-and-play" capabilities for agents will explode, and so will the security risks. Simon Willison puts it perfectly by describing a "lethal trifecta": an AI system that has access to private data, the ability to communicate externally, and exposure to untrusted content can easily be turned against its owner, because whoever controls the untrusted content can instruct the system to read the private data and send it out.

Source: Simon Willison

Authorisation for AI systems

As agents move from knowing things to doing things (e.g., booking travel, purchasing supplies, modifying code), security becomes paramount. We need robust authorisation. This will involve human-in-the-loop (HITL) approvals, likely powered by modern authentication standards like Client-Initiated Backchannel Authentication (CIBA), which can send a push notification to a manager to approve an agent's action. Thought leaders from Microsoft suggest an overhaul to OAuth, with agentic systems having their own distinct identities and security considerations. One thing's for sure: proper authorization is complex, difficult to get right and catastrophic to get wrong.

Agent-to-agent communication

Current AI agents are specialized for a specific purpose, but next-generation AI functionality comes through the use of multi-agent systems, which can be deployed in a variety of architectures, such as hierarchical or swarms. How agents communicate with each other, share memory, and share capabilities is still in its relative infancy, especially when AI agents may be hosted independently and written with different frameworks.
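The two controls called for under "Technology to watch" above, refusing to let one agent session accumulate the lethal trifecta and gating side-effecting tool calls behind a human-in-the-loop approval, as an added worked example. This is example code written for this page; it is not code from the post, from Immersive Labs, or from any MCP SDK. It models the approval step the way a CIBA flow would deliver it (an out-of-band, single-use token bound to one specific action) but does not implement CIBA. The tool names, the capability labels, the JSON-RPC error code and the ApprovalQueue and PolicyGate classes are assumptions made for the example, and the dispatcher only borrows MCP's tools/list and tools/call method names and result shape rather than implementing the protocol.

```python
import json
import uuid

# Tool catalogue for the example. Each tool declares which of the three
# "lethal trifecta" capabilities it confers and whether it has side effects.
# The tool names and the capability taxonomy are assumptions for this example.
TOOLS = {
    "search_drive": {"caps": {"private_data"},      "side_effect": False},
    "fetch_url":    {"caps": {"untrusted_content"}, "side_effect": False},
    "send_email":   {"caps": {"external_comm"},     "side_effect": True},
    "book_travel":  {"caps": {"external_comm"},     "side_effect": True},
}
TRIFECTA = {"private_data", "external_comm", "untrusted_content"}


class ApprovalQueue:
    """Stand-in for an out-of-band human approver (e.g. a CIBA push to a manager).

    A token is bound to (agent, tool, exact arguments) so an approval for one
    action cannot be reused for a different one, and it is single-use.
    """

    def __init__(self):
        self._pending = {}   # token -> (agent_id, tool, canonical args)
        self._approved = set()

    @staticmethod
    def _key(agent_id, tool, args):
        return (agent_id, tool, json.dumps(args, sort_keys=True))

    def request(self, agent_id, tool, args):
        token = str(uuid.uuid4())
        self._pending[token] = self._key(agent_id, tool, args)
        return token

    def approve(self, token):
        if token in self._pending:
            self._approved.add(token)

    def consume(self, token, agent_id, tool, args):
        """Return True (and burn the token) only if it was approved for exactly this action."""
        if token in self._approved and self._pending.get(token) == self._key(agent_id, tool, args):
            self._approved.discard(token)
            del self._pending[token]
            return True
        return False


class PolicyGate:
    """Sits between the agent and the tool server; every tools/call passes through check()."""

    def __init__(self, approvals):
        self.approvals = approvals
        self._used = {}  # agent_id -> capabilities already granted in this session

    def check(self, agent_id, tool, args, approval_token=None):
        spec = TOOLS.get(tool)
        if spec is None:
            return "deny: unknown tool"
        used = self._used.setdefault(agent_id, set())
        # Refuse the call that would give this session all three trifecta capabilities.
        if (used | spec["caps"]) >= TRIFECTA:
            return "deny: would complete lethal trifecta"
        # Side-effecting actions need a fresh human approval bound to these exact arguments.
        if spec["side_effect"] and not (
            approval_token and self.approvals.consume(approval_token, agent_id, tool, args)
        ):
            return "approval_required"
        used |= spec["caps"]
        return "allow"


def handle_rpc(gate, agent_id, request, approval_token=None):
    """Dispatch a JSON-RPC 2.0 request using MCP's tools/list and tools/call method names.
    Toy dispatcher only; the -32001 error code is an implementation-defined choice here."""
    rid = request.get("id")
    if request.get("method") == "tools/list":
        return {"jsonrpc": "2.0", "id": rid,
                "result": {"tools": [{"name": n} for n in TOOLS]}}
    if request.get("method") == "tools/call":
        name = request["params"]["name"]
        args = request["params"].get("arguments", {})
        decision = gate.check(agent_id, name, args, approval_token)
        if decision != "allow":
            return {"jsonrpc": "2.0", "id": rid,
                    "error": {"code": -32001, "message": decision}}
        # Real tools would run here; the example just reports what was invoked.
        return {"jsonrpc": "2.0", "id": rid,
                "result": {"content": [{"type": "text", "text": f"{name} executed"}]}}
    return {"jsonrpc": "2.0", "id": rid,
            "error": {"code": -32601, "message": "method not found"}}


if __name__ == "__main__":
    # Constructed session: read private data, fetch untrusted content, then try to email out.
    gate = PolicyGate(ApprovalQueue())
    for tool, args in [("search_drive", {"q": "Q3 budget"}),
                       ("fetch_url", {"url": "https://example.invalid/page"}),
                       ("send_email", {"to": "ceo@example.invalid"})]:
        print(tool, "->", gate.check("travel-bot", tool, args))
```

Running the file walks one session through a document search, a fetch of untrusted content and then an outbound email; the third call is refused because it would complete the trifecta, even though each tool on its own looks harmless. Binding the approval token to the canonical arguments and burning it on use is the part worth copying: an agent that has been prompt-injected via the fetched page can change the recipient after the manager has approved the original message, so the gate re-checks the exact action rather than trusting that "send_email was approved".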
Two competing protocols are emerging: Google's Agent2Agent (A2A) protocol and IBM's Agent Communication Protocol (ACP). It's too early to call a winner, but the development of a standard here will be a major milestone.

We are at the beginning of the agentic era. 2025 is the year for experimentation. It's time to move from simply using AI to actively building with it, automating the tedious, and unlocking new forms of creativity and productivity.

Getting the most out of AI

If one thing's for sure, it's that the AI landscape is moving fast. So it's crucial that you and your organisation are at the forefront of AI developments and making the most of the latest technologies.

Keep your eyes peeled for brand new labs in this space coming very soon! Our brand new collection will demystify terminology, explore the core concepts, and let you build and secure modern AI systems in a safe, sandbox environment. Sign up for email notifications from the Immersive Community so you don't miss out on this brand new collection.